Thinkpads Forum

I've been greatly enjoying the wireless use of my T42 (purchased last week) and haven't worried thus far about security. Actually, I've been using unsecured connections due to not being able to log on to my connection when using a Windows XP-driven secured line.

Obviously, I'm new to wireless connectivity and to IBM's offerings with wireless.

My question is: What are the group's recommendations about proper exploitation of security using wireless? Does the ThinkPad offer any additional advantage to Windows XP's wireless "security" features. If so, can someone please summarize the best way to take advantage of these ThinkPad features?

I'd appreciate any thoughts as this seems like a difficult avenue for which to find good information.

Here's the guide I used for securing my wireless router:

http://kbserver.netgear.com/kb_web_files/n101191.asp

I'm pretty sure that Access Connections supports some of the more specialized security features found in Cisco products, but I've never explored these in any detail.

Just as a request - placing your location in your profile may be of use to you if you have problems related to your location (trouble with a particular service center, for example, or questions about a region specific keyboard).

I use WPA-PSK TK/IP to secure my wireless router. I also employ MAC filtering and turn off SSID broadcasting.

If you have unsecured Wireless, anybody can access it, engage in criminal activity and it points to you as the perpetrator.

... JD Hurst

...

Don't bcome too paranoid about security. Even a minimal amount of security would require a war driver to sit outside your place for almost a week to break in (it is dependent on the amount of traffic you generate). Your worst case is probably a neighbor getting a free ride and/or infecting your box. Just because someone gets access to your internet doesn't mean they can easily get into your box. Just set your permissions etc in xp. Or you can turn off the radio in your router or unplug the dsl line etc.
Do as the previous posters suggested. Using only allowed macs in your router is pretty safe.
Windows sp2 is pretty good for connections, as well as a hardware firewall in your router. Personally I find it easier to use xp for connections than IBM's, but I also don't like the extra bloatware that can accumulate. Trend Micro Internet Security 2005 is a good all round package for antivirus, firewall etc. It even includes cell phone security for 29 bucks a year.
BTW one of my neighbors is a manager for a local isp and ironically he is the only one I can pick up with an unsecured network. He obviously doesn't keep any secret NSA documents.

...

Thanks Batuta, I had a narrow concept of these issues. My greatest fear in life is being remotely close to people who tell non-truths, commonly known as liars, my vocabulary lacks words to protect me from them. You have described a new fear for me, my firewall shall be notched up a level for greater protection. Norm

After working in network security and been at several hacker conventions I can tell you this.

You should be paranoid about wireless security. The FBI cracked WiFi access points in under 5 minutes. It takes me about 2-3 hours if you are running WEP. The hackers I know - would do it for fun and profit.

Now if you don't mind someone like myself reading your email, looking at your family photos, capturing your passwords, recording your credit card information, planting keystroke loggers and spyware, and sending emails out that look like you, calling up and canceling your cable service - then don't bother.

But if you do - then encrypt and use WPA or better WPA-RADIUS. Put all of your sensitive information behind another firewall. Use a personal firewall, install antivirus, and antispyware.

On your access point:
-turn off remote management
-enable the built in firewall
-turn on WPA encryption
-turn on mac address filtering
-turn off DHCP and assign static IP settings
-turn off SSID advertising
-change the default password to something with letters+numbers+symbols
-change the default inside network scheme
-reassign your router ip to something else besides 192.168.0.1 or 192.168.1.1

otherwise - this is what some people I know would do:

-wait outside your house on the street in a parked car.
-fire up a laptop and yagi antenna.
-start netstumbler and read your SSID
-capture enough packets to get good initialization vectors (IV)
-startup WEPCRACK and brute force the key.
-reconfigure for your SSID and enter the key
-automatically get assigned your DHCP settings
-surf over to http://192.168.0.1
-login using the oh-so-hard-to-guess default password.
-enable remote management
-provide a backdoor to your network from the internet
-go home and hack away at your computers.
-post your SSID information on the IIRC channels for others to use.

ok - so you get the point.

Your replies have some interesting validity.

I'm still not worried about wifi security and I still drive a car despite the possibility of accidents.

None of us are secure if connected, by any means, but we can be hardened.
Do you really think that in an average neighborhood with, depending on surveys, anywhere from 1/4 to 3/4 of the access points are unsecured, an intruder would spend much time on your hardened system?
A spammer or hacker or whoever would intelligently use an unmonitered easy system. You are responsible for your address, but you must also understand , if someone wants in, given the time and knowledge, they will get in, period.
That's just the nature of the beast, software can be hacked.
You have better odds in winning one of the powerball lotteries than ending up in jail from an attacker. Would someone rob a 7-11 for $50.00 or a bank for $300,000.00. Yes, some do but check the stats. You should worry much more about identity theft from the database theft of your bank or ccard or hospital or aol or any number of agencies that are not secure with your private info.

You will always read the horror stories of some poor soul. There are millions upon millions of users. Those are pretty good odds. A high percentage of users have trouble doing email, much less intrusion.

Thinkpad users have a nice option available to them and that is a second hard drive in the ultra bay for private non connected use. Very simple concept. On a desktop, I use mobile trays, one for the internet and others for offline. I even have one for my 5 year old. She goes to pbskids and I don't care if her drive is hacked.

Like I originally said, "Don't become too paranoid about security". (That doesn't mean to ignore it BTW) The odds are greatly in your favor.

...

I don't know if I like the idea of wireless security. As soon as my neighbor finds out about that security stuff, I'm gonna have to get my own internet connection. (just kiddin')

Your replies have some interesting validity.

LOL - ok if you say so.

After getting to know some of the hackers in the US - I can tell you this. They are an entirely different animal from you or I. Coming from divergent backgrounds and having questionable motivations - they enjoy nothing more than cracking systems for the fun of it.

Goths, punks, quiet kids, grown adults, counter-culture, and super-techies they are (forgive my Yoda-like grammar).

At one convention they had something called "The wall of shame". Which is this:

If you connect to the internet to check your email or whatnot - they will record your session - write down your email and password and write it on a giant whiteboard in the lobby. Just to let you know that you should be ashamed of not knowing how insecure you are. It's not that it's all about profit - it's about showing you up. I could relate to you other horror stories - but if you decide not to secure you network and wireless network - well, you were warned.

While the chances are good that a thief won't try to rob my house - I prefer to keep the doors and windows locked. After seeing the motivations and capabilities of the other side - it's what my industry calls "Due Care".

Bluetooth is even less secure. Some hackers I know fire up their laptops at Starbucks and wait for bluetooth enabled phones and laptops to come stolling by.